Mass assignment restriction has moved from the model to the controller level. Earlier we used the attr_accessible and attr_protected methods in the model for mass assignment security. These have been removed and moved to the protected_attributes gem.

In the new implementation, passing params directly to mass assignment methods like create will raise an ActiveModel::ForbiddenAttributesError. Instead of passing params directly to the create method in the controller, we pass the result of a private method which permits the accessible attributes.

class PeopleController < ActionController::Base
  # Using "Person.create(params[:person])" would raise an
  # ActiveModel::ForbiddenAttributesError exception because it'd
  # be using mass assignment without an explicit permit step.
  # This is the recommended form:
  def create
    Person.create(person_params)
  end

  # This will pass with flying colors as long as there's a person key in the
  # parameters, otherwise it'll raise an ActionController::ParameterMissing
  # exception, which will get caught by ActionController::Base and turned
  # into a 400 Bad Request reply.
  def update
    redirect_to current_account.people.find(params[:id]).tap { |person|
      person.update!(person_params)
    }
  end

  private

  # Using a private method to encapsulate the permissible parameters is
  # just a good pattern since you'll be able to reuse the same permit
  # list between create and update. Also, you can specialize this method
  # with per-user checking of permissible attributes.
  def person_params
    params.require(:person).permit(:name, :age)
  end
end
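What the permit step does to a request that carries an extra field, and how per-user permit lists can look, shown as an added example that is not part of the original post. It is a plain-Ruby stand-in for require/permit so it runs without Rails; the helper names, the roles and the "role" attribute are assumptions.

```ruby
# Plain-Ruby stand-in for params.require / permit (not the Rails classes).
class ParameterMissing < KeyError; end

# Like params.require(key): fail loudly when the expected top-level key is absent.
def require_param(params, key)
  value = params[key]
  raise ParameterMissing, "param is missing or empty: #{key}" unless value.is_a?(Hash) && !value.empty?
  value
end

# Like permit(*names): keep only the listed keys, and only scalar values, so a
# nested hash or array cannot ride in under a permitted name.
def permit(attrs, *allowed)
  names = allowed.map(&:to_s)
  attrs.select { |k, v| names.include?(k.to_s) && !v.is_a?(Hash) && !v.is_a?(Array) }
end

# Hypothetical per-role permit lists (the "per-user checking" mentioned above).
PERMITTED = { member: %i[name age], admin: %i[name age role] }.freeze

def person_params(params, role)
  permit(require_param(params, 'person'), *PERMITTED.fetch(role))
end

# Constructed request: a member submits an extra "role" field with the form.
REQUEST = { 'id' => '7', 'person' => { 'name' => 'Ann', 'age' => '41', 'role' => 'admin' } }.freeze

p person_params(REQUEST, :member)
p person_params(REQUEST, :admin)
```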

Turbolinks

Turbolinks is a gem that is included by default in Rails 4.0. It makes your application feel faster to the user by using JavaScript (i.e. AJAX requests) to replace the HTML body of new pages instead of relying on a full page load, so the browser doesn't have to reparse your JS or CSS on every page load.

Russian Doll Caching

Russian Doll Caching is a mechanism of using nested fragment caches to maximize cache hits and boost performance.

For example: if we have a parent fragment with many child fragments under it, changing the parent fragment will expire only the parent fragment, and the child fragments will still be served from the cache. If a child fragment is changed, the changed child fragment and its parent fragment will be expired.

One main advantage is that the cache_digests gem is included by default in Rails 4.0. It avoids the use of version numbers in fragment caching and instead generates an MD5 hash key based on the template content, which means that if the template content changes, the cache expires.

ActionController::Live

Live is a special module included in ActionController class. It enables Rails to open and close a stream explicitly. Mix this module in to your controller, and all actions in that controller will be able to stream data to the client as it’s written.

PATCH

The HTTP method PUT means resource creation or replacement at some given URL. For example, say you have uploaded a file and you want to replace it with a new file; that's where PUT comes into the picture. As per HTTP standards, PUT is not for partial updates. PATCH is the new HTTP verb added in Rails 4.0 for partial updates.

When you call id on nil object

Earlier, i.e. before Ruby 1.9.3, when you called id on nil a weird error message was displayed: "Called id for nil which would mistakenly be 4. If you really want id of nil use object_id". This is because earlier calling id on any object would return the object_id, but this is no longer the case in Ruby 1.9.3 and above. To get the object_id you need to explicitly call the object_id method on the object. Hence the new error message when you attempt to call id on a nil object is "undefined method id for nil class".

The above method performs the caching based on a unique key. If the value for that key already exists, it will return the output from the stored cache or else it will execute the block you are using when calling the above method and generate a new value from the executed block for the particular key and store it in the cache.

You can set a timer to expire the cached data (15 minutes in my case).

If you don't want to expire the cache based on a timer, simply remove the third parameter we are passing to the 'set' method.

The above method also handles the exception in case your memcache server is down for some reason.

Note: The generated key should always be unique, otherwise it will overwrite existing cached data that has the same key. I am using the URL as the key. Since the URL is pretty long, we can take the MD5 or SHA1 hash of it and use that as the key.
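A sketch of the pattern described above (hashed URL as key, expiry passed as the third argument to set, cache outages treated as a miss), given as an added example and not the method from the original post. MemoryCache and DownCache are hypothetical stand-ins for a memcached client, and SHA-256 is used here in place of MD5/SHA1.

```ruby
require 'digest'

# Hypothetical stand-in for a memcached client exposing get(key) and
# set(key, value, ttl); swap in your real client object.
class MemoryCache
  def initialize; @store = {}; end

  def get(key)
    value, expires_at = @store[key]
    expires_at && Time.now >= expires_at ? nil : value
  end

  def set(key, value, ttl = nil)
    @store[key] = [value, ttl && Time.now + ttl]
  end
end

# Simulates an unreachable cache server.
class DownCache
  def get(_key); raise IOError, 'cache unreachable'; end
  def set(*); raise IOError, 'cache unreachable'; end
end

# memcached keys are limited to 250 bytes with no whitespace, so a fixed-length
# digest of the URL is used; the namespace keeps unrelated key spaces apart.
def cache_key(url, namespace = 'page')
  "#{namespace}:#{Digest::SHA256.hexdigest(url)}"
end

# Return the cached value for url, or run the block and store its result.
# Cache failures are logged and treated as a miss, never raised to the caller.
def cached(cache, url, ttl = 15 * 60)
  key = cache_key(url)
  begin
    hit = cache.get(key)
    return hit unless hit.nil?
  rescue StandardError => e
    warn "cache read failed: #{e.message}"
  end
  value = yield
  begin
    cache.set(key, value, ttl)
  rescue StandardError => e
    warn "cache write failed: #{e.message}"
  end
  value
end
```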

5. You can change the memory used by memcached as follows.

Open the /etc/sysconfig/memcached file and edit the "CACHESIZE" entry;
this entry is in MB.
That's it, you're ready to go.

Before you get to know how to install and use Edge Rails, you need to know what actually Edge Rails is.

Edge Rails means running a local development version of Rails. It's an alternative to gem Rails.

Many times I have wondered how to freeze my Rails application to the local gems version or a particular gems version, so that I can run my frozen application on some other system which has a different version of Rails installed. Luckily I found Edge Rails.

For example, consider that you have frozen your Rails application to the latest Rails version, 2.3.2, and you want to run this application on a different system which has a much older version of Rails, for example version 2.1.0.

In this case you can run your newest frozen version of the Rails application on the other system, which has an older version of Rails installed, without any glitches or bugs, using Edge Rails.

How to Install and Use Edge Rails?

1. If you want to freeze your application to the gems version currently available on your system, then go to root of your rails application and run

rake rails:freeze:gems

Running the above command creates a new directory "rails" inside your vendor directory. When you run your Rails application, it will first check for this directory and, if it's present, Rails components will be loaded from this directory instead of your system copy of Rails; thus you are switched from Gem Rails to Edge Rails.

2. If at any point you want to switch back from Edge Rails to Gem Rails, you can always do so by running the command below

rake rails:unfreeze

3. If you want to freeze your application to the latest development version, then run

rake rails:freeze:edge

Once you have switched to the latest development version, your JavaScript and other configuration files need to be updated to match the latest version. For this you need to run

rake rails:update

4. Freeze your application to a different version.
Suppose you want to freeze your Rails application to Rails version 2.1.0; then you just have to run the command

rake rails:freeze:edge RELEASE=2.1.0

5. In order to find out what version of Rails your application uses, from the root of your Rails application, run

Everyone in the Ruby / Rails world knows and implements different payment methodologies for their e-commerce shopping cart. We understand people know much about how to integrate with Paypal, Authorize.net…blah blah blah… however, the biggest issue with all these payment gateways is that customers have to be associated with multiple websites, i.e. if I want to buy something from a cart which is associated with the Paypal gateway, I need to have an account. So if that is the case, then for every different e-commerce payment gateway I need to have a separate account and I need to remember the credentials. Also, many times if I want to implement offline payments such as money orders or cheques, etc., we don't have any implementation that could take care of this.

However, many times I have wished that these shopping companies supported multiple payment gateways and also multiple methods which are country-oriented. E.g. Paypal is not an acceptable method in India, whereas it is a hit in the US. In the same way, in France JCB is well known, and in the UK Diners Club, Switch and Maestro cards are well known. So I always believe that I should be allowed to pick only the ones I need to make payments, as most of the time I shall be associated with one of them, rather than getting myself associated with every one and forgetting at the end of the day where each transaction took place.

Thankfully, to my support came Bibit, a payment service of Royal Bank of Scotland (RBS) which supports almost all the payment gateways available and provides you with information on gateways based on the country of the shopper. And to my advantage, I was supposed to write code for a shopping cart which it supported. Bibit is very well known in Europe. Bibit also supports multiple languages.

Before I start telling you how to implement Bibit, a small introduction to Bibit:

“The Bibit Redirect, or Select, service model is an integration method to the Bibit Payment Service suited for Internet shop environments, call centers or reservation centers, and multi-channel sales situations. It allows for real-time processing of payments and ensures a maximum number of up-to-date payment methods. The Redirect model is secure, provides Bibit with required information to perform active fraud risk assessment, and is the fastest way to get up and running with on-line payments.” – As available in bibit website.

More details can be found at http://www.bibit.com. Also, this post picks up much of its information from the Bibit documentation and has been modified to suit Ruby on Rails users.

What Bibit does is provide a standard methodology to shopping cart websites, which can register with Bibit and then run their code with Bibit. Once the shopping website provides Bibit with some information, control is transferred to Bibit, and after completion, just like Paypal, you can take back control. So the shopping cart websites integrate their systems with Bibit, and Bibit provides the customers of the shopping cart websites with various predefined payment gateways based on country and language.

Now that we know what Bibit is, let's see how we can integrate Bibit into our shopping carts.

Bibit provides an exclusive method called XML Order Creation which can be used to send information to Bibit's website over a secured channel, and they handle the rest. The data is sent as XML with some key elements such as description, amount, orderContent, paymentMethodMask and shopper.

Some of the Elements of this XML are as follows

1. Document Type Declarations

As with any XML document, we need a declaration for Bibit as well, to use the standard payment service DTD, as follows

This is the information that the shopping cart has to provide to Bibit in order to authorize the input XML. The main information required is the merchant code.

<paymentService version="1.4" merchantCode="MYMERCHANTCODE">
  <submit>
  </submit>
</paymentService>

The XML requires only the merchant code; however, in order to send the XML to the Bibit website we need the merchant code as the login and the XML password. This is explained further in the HTTP Connectivity section.

3. Order Creation Details

While creating an order we have to follow a few significant conventions so that Bibit understands the order that has been sent. Some of them are

a. Order Description – Requires the order code, description, order value, the currency in which the order is being placed, and the decimal place. Below is a sample order. The order code has to be unique from Bibit's perspective, and hence it is advisable to create the order code from a salt of your own and a number.

<order orderCode="T0211011">
  <description>Some description of your product</description>
  <amount value="2600" currencyCode="USD" exponent="2"/>
  …
</order>

b. Order Content – Has the complete details of the order and its line items. These details are wrapped inside a CDATA to allow bibit to confirm / show the user the order details. This is something like giving the details of what you would ideally put in a Confirm page before you place the order.

<orderContent>

<![CDATA[content here]]>

</orderContent>

Some of the information that is generally part of the order content: order code, line items, item price, total amount, shipping and billing addresses, merchant contact details, etc. For more information you can refer to Bibit's documentation.

c. Selecting Payment Gateways – In Bibit, you can select which payment gateways your clients are allowed to log in to and which you support.

What next? Now let's do some Ruby coding to send this XML to Bibit and do the processing. We shall use Net::HTTP for this. In your controller, i.e. where your checkout processing is done, you can add this code. I shall call my controller CartController, and the code shall be in cart_controller.rb.

The first thing I need is to require the necessary library files. We need the http, https and uri classes. These are available as follows

require 'net/https'
require 'net/http'
require 'uri'

Once you have your declarations ready, all you have to do is write the code in the make_payment method

def make_payment
  # ... write all the code needed to make the Bibit payment
end

Let's go one by one through what has to go inside the make_payment method.

First get the XML ready

xml_string = %{xml as above}

It is better to put the XML within %{}, as the content stays a well-formatted XML document. If we try to do it with single or double quotes, lots of escape sequences have to be used, which is a pain. We found that using %{} is the best method.
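Order descriptions and order content usually come from cart data, so anything interpolated into the %{} template needs XML escaping, and CDATA content must not contain a literal ]]>. The following is an added example, not code from the original post; the helper names are hypothetical and the element layout follows the fragments shown above.

```ruby
XML_ESCAPES = { '&' => '&amp;', '<' => '&lt;', '>' => '&gt;', '"' => '&quot;', "'" => '&apos;' }.freeze

# Escape text for element content or a quoted attribute value.
def xml_escape(value)
  value.to_s.gsub(/[&<>"']/, XML_ESCAPES)
end

# A literal "]]>" would end the CDATA section early; split it over two sections.
def cdata(value)
  "<![CDATA[#{value.to_s.gsub(']]>', ']]]]><![CDATA[>')}]]>"
end

# Convert a decimal amount string to minor units without floating point,
# e.g. "26.00" with exponent 2 becomes 2600.
def minor_units(amount, exponent = 2)
  match = /\A(\d+)(?:\.(\d{1,#{exponent}}))?\z/.match(amount.to_s)
  raise ArgumentError, "bad amount: #{amount.inspect}" unless match
  (match[1] + match[2].to_s.ljust(exponent, '0')).to_i
end

# Build the order document; every caller-supplied value is escaped or validated.
def build_order_xml(merchant_code:, order_code:, description:, amount:, currency:, content:)
  raise ArgumentError, 'bad currency code' unless currency.to_s.match?(/\A[A-Z]{3}\z/)
  %{<paymentService version="1.4" merchantCode="#{xml_escape(merchant_code)}">
  <submit>
    <order orderCode="#{xml_escape(order_code)}">
      <description>#{xml_escape(description)}</description>
      <amount value="#{minor_units(amount)}" currencyCode="#{currency}" exponent="2"/>
      <orderContent>#{cdata(content)}</orderContent>
    </order>
  </submit>
</paymentService>}
end

# Constructed cart data containing characters that would break naive interpolation.
puts build_order_xml(merchant_code: 'MYMERCHANTCODE', order_code: 'T0211011',
                     description: 'Tea & "biscuits" <b>', amount: '26.00',
                     currency: 'USD', content: 'Order T0211011 ]]> 1 x Tea')
```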

Once your XML is ready, start posting the XML through Net::HTTP

All you need for this to work, is connection to the bibit service, your merchant code and the merchant password that you have declared in bibit.com using your login credentials.
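One way to set up that POST with Net::HTTP, with certificate verification on and the merchant code and XML password sent as HTTP basic auth. This is an added example, not the code from the original post; the endpoint URL in the usage comment is a placeholder, and the function names are hypothetical.

```ruby
require 'net/http'
require 'openssl'
require 'uri'

# Build (but do not send) the HTTPS POST that carries the order XML.
# endpoint is whatever URL the payment service documents for XML orders.
def build_order_request(endpoint, xml, merchant_code, xml_password)
  uri = URI.parse(endpoint)
  raise ArgumentError, 'endpoint must be https' unless uri.is_a?(URI::HTTPS)

  http = Net::HTTP.new(uri.host, uri.port)
  http.use_ssl = true
  http.verify_mode = OpenSSL::SSL::VERIFY_PEER # keep peer verification on
  http.open_timeout = 5
  http.read_timeout = 30

  request = Net::HTTP::Post.new(uri.request_uri)
  request.basic_auth(merchant_code, xml_password) # merchant code is the login
  request['Content-Type'] = 'text/xml'
  request.body = xml
  [http, request]
end

# Send the order and return the reply body, failing on any non-2xx status.
def submit_order(endpoint, xml, merchant_code, xml_password)
  http, request = build_order_request(endpoint, xml, merchant_code, xml_password)
  response = http.request(request)
  raise "payment service returned HTTP #{response.code}" unless response.is_a?(Net::HTTPSuccess)
  response.body
end

# Usage (placeholder endpoint; read the password from the environment rather
# than hard-coding it in the controller):
#   submit_order('https://payments.example.test/paymentservice', xml_string,
#                'MYMERCHANTCODE', ENV.fetch('PAYMENT_XML_PASSWORD'))
```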

Once you send the XML to Bibit as above, Bibit shall send you back a response XML which gives you some information about Bibit accepting your order. All we have to do is extract the order code and the redirection information from the response XML and redirect our application to Bibit to do the complete gateway process.

Reference ID – This ID is needed for future reference or offline payments, so that you know the status of the product. The reference ID in this XML response is

1234567

Order Code – This is the code that we generated before sending it to the bibit payment. This has to be unique and can be used to check in the database for order placement. The order code in the xml response is

T0211011

In order to extract the information from the response XML we can use any parser, such as REXML / Atom Parser / CobraVsMongoose.

Redirecting to Bibit

Once the URL has been acquired from the response XML, do a redirection to Bibit. Also you can do additional activities so that you can change the look and feel and information in the website.

a. Redirecting URLs

Additionally, you can customize the URL to send your success / failure / pending URLs to Bibit, so that Bibit redirects to your website and you can handle the particular order status, i.e. when Bibit completes the payment and you want it to redirect back to your website (similar to the returnurl of Paypal), you can provide these URLs as encoded text along with the Bibit URL (available in the response XML). The procedure could be as follows
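One way to do the extraction and redirect steps with REXML, as an added example that is not part of the original post. The sample reply is constructed: its element layout, the host name and the successURL parameter name are assumptions based on the fields described above.

```ruby
require 'rexml/document'
require 'uri'

# Constructed sample reply (layout and host are assumptions, see lead-in).
SAMPLE_REPLY = <<~XML
  <paymentService version="1.4" merchantCode="MYMERCHANTCODE">
    <reply>
      <orderStatus orderCode="T0211011">
        <reference id="1234567">https://payments.example.test/redirect?orderKey=T0211011</reference>
      </orderStatus>
    </reply>
  </paymentService>
XML

# Hosts the shopper may be redirected to (placeholder value).
PAYMENT_HOSTS = ['payments.example.test'].freeze

# Pull order code, reference ID and redirect URL out of the reply, and check
# that the reply is for the order we actually submitted.
def parse_reply(xml, expected_order_code)
  status = REXML::XPath.first(REXML::Document.new(xml), '//reply/orderStatus')
  raise ArgumentError, 'reply has no orderStatus' unless status
  code = status.attributes['orderCode']
  raise ArgumentError, "unexpected order code #{code.inspect}" unless code == expected_order_code
  reference = status.elements['reference']
  raise ArgumentError, 'reply has no reference' unless reference
  { order_code: code, reference_id: reference.attributes['id'],
    redirect_url: reference.text.to_s.strip }
end

# Append URL-encoded return URLs to the redirect URL, refusing anything that
# is not HTTPS on an expected payment host.
def payment_redirect_url(redirect_url, return_urls)
  uri = URI.parse(redirect_url)
  unless uri.is_a?(URI::HTTPS) && PAYMENT_HOSTS.include?(uri.host)
    raise ArgumentError, "refusing to redirect to #{redirect_url.inspect}"
  end
  uri.query = [uri.query, URI.encode_www_form(return_urls)].compact.join('&')
  uri.to_s
end
```

In a controller, the returned string is what you would hand to redirect_to after saving the reference ID against the order.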

You are free to implement any of these. Bibit shall redirect to your URLs along with the order code, so that you can decide whether or not to convert the cart into an order. A sample success URL that Bibit creates is as follows